Kathmandu – In a major escalation of cyber “protests” in Nepal, the Nepal Electricity Authority (NEA) mobile app has reportedly been breached by the hacktivist group “Nepali For Nepal.” The group, which previously targeted the National ID Department, has used the app’s interface to demand the immediate release of medical entrepreneur Durga Prasai.
The Breach: What Happened?
On Wednesday, users and security researchers noticed a strange modification within the NEA official app. The Home Page Slider (the banner images that usually show notices or ads) was replaced with a political banner.
- The Message: The banner addressed the “Interim Government,” demanding the release of Durga Prasai within 24 hours.
- The Threat: The group warned of a severe “Cyber Protest” if their demands were not met.
Video Evidence: Full Admin Access?
Unlike a simple website defacement, this attack appears to be a deep system compromise. The group released a screen-recorded video on Telegram as proof of their intrusion.
According to the video evidence reviewed by tech experts, the hackers appear to have gained Full Admin Access to the NEA App’s Content Management System (CMS). The video shows them navigating through critical sections of the backend, including:
- User Details: Access to customer names, numbers, and meter details.
- Notification System: Ability to send push notifications to all app users.
- Charging Stations: Management controls for EV charging station data.
- Complaints & Suggestions: Access to private feedback sent by citizens.
NEA’s Official Stance: “It’s Just Maintenance”
Despite the visual evidence of a hack, the Nepal Electricity Authority has officially denied the breach.
Sarbajit Kumar Chaudhary, the NEA Information Officer, stated that the app is currently undergoing a “System Upgrade.”
“We issued a notice a few days ago regarding maintenance. The work is still ongoing,” Chaudhary told the media.
The Contradiction: The NEA had indeed issued a notice on Kartik 27 stating services would be down for 24 hours (Kartik 29-30). However, the “hacked” banner appeared days after this scheduled maintenance window closed. Furthermore, a “system upgrade” rarely explains why a political banner demanding a prisoner’s release would appear on an official app.
A Recurring Threat
This is the second major strike by “Nepali For Nepal” (who also call themselves Nepal’s Research & Analysis Organization) in 48 hours. Earlier, they claimed responsibility for taking down the Department of National ID and Civil Registration website.
Tech Aware Nepal Analysis: If the hackers truly possess the Admin Access shown in the Telegram video, the personal data of millions of electricity consumers including locations and contact details is currently at risk. This goes beyond political activism; it is a critical failure of digital infrastructure security.
